By Alexandre Cayer on Thursday, 30 October 2014
Posted in General Issues
Hi ES Folks,

I'm building up my profiles for a new site.
Right now I have 2 public profiles (person and corporation).
These 2 are accessible via the default registration process, open to anyone.

I have a 3rd one that isn't used for the default process and isn't enabled to be shown.
It is not showing; however, this 3rd one (and others to show) are invite-only profiles.

However, the profiles are open to everyone just by changing the ID number in the URL; therefore, my 3rd profile is ID number 3.

/en/community/registration.html?task=selectType&profile_id=1&controller=registration

I know that this doesn't exist, but any kind of security would be welcome.

Any feedback?

Alex

EDIT: Adding a token (like the one in Joomla for forms) for non-enabled profile types could be one way!? A helper function through the controller... a custom field which would catch the value or die the script and go back!? Any thoughts?

Hi,

The redirection happens @ /components/com_easysocial/views/registration/view.html.php "selectType" method. You can do JRequest there.
Thursday, 30 October 2014 12:57

Hi,

Token is only used to validate if the user is valid, it does not validate against permission to access certain profiles.

Perhaps what we can do is for the user to specify a private key for the profile, and only a specific link with the correct public key can access it.

That said, currently we are focusing on other tasks, so we will put this in our feature to-do and we will see if we can include this in the future.
Thursday, 30 October 2014 11:44

P/S: You might want to create a voices ticket at stackideas.com/voices/easysocial
Thursday, 30 October 2014 11:44

Thanks Jason,
I'll try a demo before adding.

The SEF reroute:
/en/community/registration.html?task=selectType&profile_id=3&controller=registration
to
en/community/registration/steps/1.html

Never worked with SEF before. The JURI object is empty, and so is the JRequest, which technically makes sense. How can I undo the SEF to get back the variables to check if a private key is there or not?

Thanks
Thursday, 30 October 2014 12:50

A working beta
Added 3 lines to the front-end registration view (view.html.php)
Added this custom field to my 3rd profile (token.zip)
And my Token field from my custom field has to match my &key value:
/en/community/registration.html?task=selectType&profile_id=3&controller=registration&key=allalalaklfk

If no match, redirect to the registration profile home screen.
Thursday, 30 October 2014 14:48

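The check described in the post above (a non-public profile type is reachable only when the `key` parameter matches its token, otherwise fall back to the profile selection screen) written out in plain PHP. This is an added example, not the token.zip attachment or EasySocial code; `resolveProfile`, the `PROFILES` table, the session key name and the token value are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no Joomla or EasySocial classes involved.
// Profile IDs mirror the thread; the token value is constructed sample data.
const PROFILES = [
    1 => ['public' => true,  'token' => null],
    2 => ['public' => true,  'token' => null],
    3 => ['public' => false, 'token' => '5f1c0a7e9b2d4c63a8e0f4b7d1c29a55'],
];

// Returns the profile ID the request may register with, or null when the
// caller should redirect to the profile selection screen.
function resolveProfile(array $query, array &$session): ?int
{
    // filter_var() yields false for missing, array-valued or non-numeric input.
    $id = filter_var($query['profile_id'] ?? null, FILTER_VALIDATE_INT);
    $profile = ($id === false) ? null : (PROFILES[$id] ?? null);
    if ($profile === null) {
        return null;
    }
    if (!$profile['public']) {
        $token = $profile['token'];
        $key   = $query['key'] ?? null;
        // Deny on a missing token, an absent or array-valued key, or a
        // mismatch (hash_equals() compares in constant time).
        if (!is_string($token) || $token === '' || !is_string($key)
            || !hash_equals($token, $key)) {
            return null;
        }
    }
    // Keep the decision server-side: per the thread, the SEF-rewritten step
    // URL no longer carries profile_id or key, so later steps would read
    // the session value instead (hypothetical session key name).
    $session['registration_profile_id'] = $id;
    return $id;
}

// Constructed sample requests covering the public, denied and allowed cases.
$session = [];
$requests = [
    'public profile'       => ['profile_id' => '1'],
    'private, no key'      => ['profile_id' => '3'],
    'private, wrong key'   => ['profile_id' => '3', 'key' => 'guess'],
    'private, array key'   => ['profile_id' => '3', 'key' => ['x']],
    'private, correct key' => ['profile_id' => '3', 'key' => PROFILES[3]['token']],
];
foreach ($requests as $label => $query) {
    echo $label, ': ', var_export(resolveProfile($query, $session), true), PHP_EOL;
}
```
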
Thanks for sharing this Alexandre
Friday, 31 October 2014 01:16

Hey Mark, hope this can inspire you to get an OEM version :P
Saturday, 01 November 2014 12:52

Haha, we'll see
Saturday, 01 November 2014 15:09

Hi Alexandre,

Thanks for this. Can you confirm if this works with latest version 1.4.12?
Thursday, 18 August 2016 04:56

Hi Jared Hungerford,

I've tested this and it could work if you make some modifications to the current view.html.php file, because the file that Alex provided is already obsolete now. But you can download and install the token custom field that Alex made.
In the file
JOOMLA_FOLDER\components\com_easysocial\views\registration\view.html.php
you need to add the code below at LINE 707 under function selectType:

// implementation of TOKEN CUSTOM FIELD
$key = JRequest::getVar("key", null);
$session = JFactory::getSession();
$session->set("profile_private_key", $key);

P/S: I suggest you back up the file that you want to customize beforehand.
Thursday, 18 August 2016 16:33

Hi Muhammad,

Thanks for the code. It was a nice try but it doesn't work properly.

The workflow does not move past the stage where the token custom field is located (Profile Type\custom field) in the form. It's a shame because this is such a useful custom field to have available.

I've had to revert back to normal. Thanks again for trying.
Friday, 19 August 2016 12:54

You are most welcome, Jared Hungerford. Perhaps you can voice it out so our developers can keep track of the features that we can implement in our upcoming version.
You can voice it out here: EasySocial Voice

Have a nice day ahead.
Friday, 19 August 2016 15:17